Ähnliche Präsentationen

2 neue Wege in der Kommunikation und ZusammenarbeitDas ZielIntelligente, konvergente IP- Netzwerklösungen ermöglichenneue Wege in der Kommunikation und Zusammenarbeitund helfen Unternehmen sich besser an den Bedürfnissen der Kunden zu orientieren.Alcatel-Lucent is a provider of integrated and converged IP network solutions enabling new generation communication and collaboration helping enterprises to optimize their businesses. Alcatel-Lucent has developed the Dynamic Enterprise framework to explain the solutions made available. The foundation of this framework is the Intelligent Infrastructure; the best approach for application driven networks. Concretely, the following values of the Alcatel-Lucent Network Infrastructure Solutions sustain the foundation of the Dynamic Enterprise framework:Scalable: interconnecting 10 to 10,000’s of systems and users, whether fixed or mobile, growing with the needs of the businessSecure: unique embedded security across wired and wireless, with role based access control, seamless host integrity checking as well as Intrusion detection capabilitiesSmart: the ability to get uninterrupted productivity, with access to real time applications even during unsolicited network faults or planned network maintenanceSimple: reduction of repetitive complex tasks by network intelligence enabling automation of management and deploymentSustainable: the lowest operational power consumption in its class to lower energy bills and contribute to an eco-sustainable environmentAlcatel-Lucent provides the building blocks to build and maintain an Intelligent Infrastructure, which is the key solution to manage the complexity and growing bandwidth needs of mission critical and converged networks in a Dynamic Enterprise.

12 Umweltverträglichkeit – Ein absolutes Muss…die Infrastrukturprodukte von Alcatel-Lucent haben im Vergleich zu anderen Herstellern einen deutlich niedrigeren Stromverbrauch(1) , besonders in der Nacht wenn die Systeme selbst und Endgeräte (IP Phones) im Idle-Mode laufen(2)…..durch die hohe Portdichte wird außerdem Platz gespart was sich wiederum positiv auf die Kosten für Kühlung und USV auswirkt ...nebenbei belastet das die Umwelt weniger, wie auch ….OS /P24Stromverbrauch 25W/225WGeräuschpegel 0/<35dBmOS /P24Stromverbrauch 52W/225WGeräuschpegel <40/44dBmSchrittweise Umstellung gemäß RoHS 6/6OS X/P24XStromverbrauch 85W ohne PoEGeräuschpegel <44dBmNote : Assumption on TCO of a networking equipment (5 years life-cycle) :TCO = 30% CAPEX (purchasing cost) + 70% OPEX (manpower for operation)OPEX = 30% set-up + 70% maintenanceROI – Data Center / Green ITEnergy consumption savings:Alcatel-Lucent LAN switches consume less energy than competition (Cisco). Energy consumption figures by vendor is public information. This information has been centralised and can be used in Frost & Sullivan Energy Efficiency Calculator.Full chassis solution – up to 80%Full stack solution - ~20%Idle savings (cf Network World and considering people work 8 hours = 1/3 of day):When no traffic is sent to a switch port, the switch is in idle mode. If we consider people work 8 hours a day, we can consider a switch is in idle mode 2/3 of the day. ALU is the only vendor who has intelligently designed its LAN switches to dramatically reduce their power consumption in idle mode. 3rd party testing is available :This study gives the following numbersCisco Catalyst : 142 Watts * 2 (idle) (fully loaded) = 438OS6850 : 79 Watts * 2 (idle) (fully loaded) = 291Difference between both is 40%M² optimization:Information stored in data centers is growing every day, requiring more and more storage servers, and consequently more and more switch ports. All this in an unextensible physical space. Therefore maximising chassis port density is a clear benefit for enterprise IT department. ALU OmniSwitch 9000 can deliver more (GbE) switched ports in a rack than Cisco Catalyst 6500.Calculation:1 rack heights 48 RU (rack units)Catalyst 6509 vertical boards heights 21RU & gives 336 GbE ports (80% wirespeed)I didn’t choose horizontal Cat6509 because it is side cooling and if 10 racks are aligned side to side, the last one is cooled with hot air I didn’t choose 6513 because it is way too oversubscribed (8:1) and because there is no front to back coolingOS9700 heights 11RU & gives 192 Gbe ports wirespeedOS9800 heights 17RU & gives 384 Gbe ports wirespeed1 rack can contain 2 Cat6509 or (2 OS OS9700) = 672 GbE ports (Cisco) vs 960 GbE ports (ALU)Note: if over-subscription is acceptable, we can double our density, Cisco can’tData Center cooling & batteriesEnergy consumption by switches leads to heath. Heath destructs switches. To prevent switches to be destructed by heath they have to be cooled.Failing mains power leads to stopping processes in business. To prevent business processes to stop back up power is necessary.The power needed to backup and cool systems is a factor of the power dissipated. In other words the more power required by a system the higher the costs of energy and investment of equipment for cooling and backup.Therefore a 20-80% energy savings on switches (see above) gives the same savings on cooling and battery energy.ROI – LAN SwitchingUpgrade network users from Fast Ethernet to Gigabit EthernetALU does not force its customer to choose between FE and GbE for user connectivity. ALU OmniSwitches can be upgraded from FE to GbE with only a SW licence where all our competitors need a complete hardware swap for such a migration.1 ALU switch will be bought instead of 2 for competition (the FE and the GbE switch) – ALU saves 50% on CAPEXIt means also 1 set-up (activating a SW licence is nothing compared to reconfiguring interfaces, QoS, security, ACLS etc) vs 2 set-up – ALU saves 50% on set-up50% savings on CAPEX + 50% savings on set-up = 25% TCO savingsROI – Network ManagementOmniVista PolicyView and SecureView (OneTouch QoS and ACL) enables to use wizards to centrally configure once QoS and security (ACL and VLANs) and distribute them to all switches instead of using CLI on each individual switch. Not only it reduces set-up time but also it reduces chances of mis-configuration, therefore reducing maintenance costs. If we just count the configuration savings, we save 20% (30% * 70%), reducing set-up cost to a neglectable value.ROI – WAN & Branch OfficesMPLS insourcingCalculation not done yet (lack of input at this time). Portuguese customer feedback is that buying and operating MPLS equipment and networks in-house, instead of buying WAN services to carriers saves 30% of his WAN costs.Branch Office ConsolidationOmniAccess 700 products are consolidating in a single equipment most of the required functionnalities for branch offices (access router, switch, FW/VPN, IDS, QoS, voice survivability. A single OA700 replaces at least 3 equipments (access router, FW/VPN, IDS) meaning that:CAPEX costs are divided by 3Configuring 3 devices creates geometric complexity (complexity multiplies with several devices) for configuration where in one intelligent device, the configuration complexity is arithmetic (features precedence and co-existence is pre-configured automatically). Configurations costs are divided by 3Maintenance costs are also divided by 3 because less complex configurations require less troubleshooting timeOne equipment consumes 3 times less energy than 3 equipmentsROI – FirewallThe Brick Firewall/VPN has a very unique centralized architecture where everything is configured centrally and then pushed automatically to all the firewall devices. The Brick uses a « zone concept » where you configure several zones and you configure communication security policies between the zones. There is no network interface to configure, there is no LAN or WAN ports to configure.Consequently, the Brick firewall is shipped to every enterprise location with a USB key. To get the Brick active and well configured on the network, we just need to power it, connect it on the network and connect the USB key to it. On-site staff doesn’t need to be IT-skilled.Any other firewall on the market require an IT security expert to connect its laptop on the firewall to make at least the first configuration (interfaces configuration mainly).Brick set-up time is at least reduced by half compared to competitionROI – WLANCentralized vs distributed architecture – « thin » vs « fat » access pointsIn a centralized architecture (thin AP), all the AP configurations (including RF environment, basic IP config, security …) is done at the WLAN controller level, pushed automatically to all AP. The WLAN controller always controls and maintain the WLAN network. In case an AP goes down, one just need to take a new AP from factory and plug it on the Ethernet access switch port, instead of the dead AP. Then the new AP downloads automatically its firmware and its configuration from the WLAN switch, without any human intervention. Meaning that the person that replaces the AP doesn’t need to have any IT skills.In case of a distributed architecture, you have no central configuration and firmware repository. Everything is stored at the AP level. Should one AP fail, you need to plug a new AP. Then you need to connect your laptop to the AP, find the latest firmware (preferably same version than the other Aps), upload it to the AP, reconfigure manually etc etc. You need skilled IT staff on site.If we consider, product maintenance represents 50% of the product TCO (70% * 70%), this maintenance cost doesn’t exist anymore with centralized WLAN architectures.Remote Access using Remote AP licence (home worker solution)The idea is to re-use an existing WLAN centralized infrastructure and extend it to home workers by providing them an Access Point at home. Not only it provides great productivity benefits (see specific Remote AP content for details), but it also gives a substantial ROI to an IT department using a single infrastructure for campus (W)LAN and remote access instead of 2. The infrastructure that gets removed is the specific Ipsec remote access VPN.CAPEX costs might not be too much reduced as additional AP and WLAN sitch capacity needs to be purchased. But OPEX is definitely divided by 2, meaning a 35% TCO saving.OS9702E/9800Max. VollausbauStromverbrauch max . 580W/1040WGeräuschpegel max.59dBmOS10kMax. Vollausbau (256x10GE)Stromverbrauch unter 4200WGeringe Lautstärke durch StrömungskanäleOS (1) (2)

13 Nicht jede Lösung ist gleich, nur gleicherFlexibilität gewinntOS6850 mit externen NetzteilenOmiSwitches inNon-BüroumgebungenS-Bahn Berlin (Schalträume)Bundeswehr (Container)Feuerwehrübungstunnel (CH)Gotthard TunnelGepäckförderanlagen auf verschiedenen FlughäfenStellwerkssteuerungenDHL (Hub Leipzig)OS6250-P24 mitexternen NetzteilenNicht jede Lösung ist gleich, nur gleicherOS6855 für erweiterte TemperturbereicheNote : Assumption on TCO of a networking equipment (5 years life-cycle) :TCO = 30% CAPEX (purchasing cost) + 70% OPEX (manpower for operation)OPEX = 30% set-up + 70% maintenanceROI – Data Center / Green ITEnergy consumption savings:Alcatel-Lucent LAN switches consume less energy than competition (Cisco). Energy consumption figures by vendor is public information. This information has been centralised and can be used in Frost & Sullivan Energy Efficiency Calculator.Full chassis solution – up to 80%Full stack solution - ~20%Idle savings (cf Network World and considering people work 8 hours = 1/3 of day):When no traffic is sent to a switch port, the switch is in idle mode. If we consider people work 8 hours a day, we can consider a switch is in idle mode 2/3 of the day. ALU is the only vendor who has intelligently designed its LAN switches to dramatically reduce their power consumption in idle mode. 3rd party testing is available :This study gives the following numbersCisco Catalyst : 142 Watts * 2 (idle) (fully loaded) = 438OS6850 : 79 Watts * 2 (idle) (fully loaded) = 291Difference between both is 40%M² optimization:Information stored in data centers is growing every day, requiring more and more storage servers, and consequently more and more switch ports. All this in an unextensible physical space. Therefore maximising chassis port density is a clear benefit for enterprise IT department. ALU OmniSwitch 9000 can deliver more (GbE) switched ports in a rack than Cisco Catalyst 6500.Calculation:1 rack heights 48 RU (rack units)Catalyst 6509 vertical boards heights 21RU & gives 336 GbE ports (80% wirespeed)I didn’t choose horizontal Cat6509 because it is side cooling and if 10 racks are aligned side to side, the last one is cooled with hot air I didn’t choose 6513 because it is way too oversubscribed (8:1) and because there is no front to back coolingOS9700 heights 11RU & gives 192 Gbe ports wirespeedOS9800 heights 17RU & gives 384 Gbe ports wirespeed1 rack can contain 2 Cat6509 or (2 OS OS9700) = 672 GbE ports (Cisco) vs 960 GbE ports (ALU)Note: if over-subscription is acceptable, we can double our density, Cisco can’tData Center cooling & batteriesEnergy consumption by switches leads to heath. Heath destructs switches. To prevent switches to be destructed by heath they have to be cooled.Failing mains power leads to stopping processes in business. To prevent business processes to stop back up power is necessary.The power needed to backup and cool systems is a factor of the power dissipated. In other words the more power required by a system the higher the costs of energy and investment of equipment for cooling and backup.Therefore a 20-80% energy savings on switches (see above) gives the same savings on cooling and battery energy.ROI – LAN SwitchingUpgrade network users from Fast Ethernet to Gigabit EthernetALU does not force its customer to choose between FE and GbE for user connectivity. ALU OmniSwitches can be upgraded from FE to GbE with only a SW licence where all our competitors need a complete hardware swap for such a migration.1 ALU switch will be bought instead of 2 for competition (the FE and the GbE switch) – ALU saves 50% on CAPEXIt means also 1 set-up (activating a SW licence is nothing compared to reconfiguring interfaces, QoS, security, ACLS etc) vs 2 set-up – ALU saves 50% on set-up50% savings on CAPEX + 50% savings on set-up = 25% TCO savingsROI – Network ManagementOmniVista PolicyView and SecureView (OneTouch QoS and ACL) enables to use wizards to centrally configure once QoS and security (ACL and VLANs) and distribute them to all switches instead of using CLI on each individual switch. Not only it reduces set-up time but also it reduces chances of mis-configuration, therefore reducing maintenance costs. If we just count the configuration savings, we save 20% (30% * 70%), reducing set-up cost to a neglectable value.ROI – WAN & Branch OfficesMPLS insourcingCalculation not done yet (lack of input at this time). Portuguese customer feedback is that buying and operating MPLS equipment and networks in-house, instead of buying WAN services to carriers saves 30% of his WAN costs.Branch Office ConsolidationOmniAccess 700 products are consolidating in a single equipment most of the required functionnalities for branch offices (access router, switch, FW/VPN, IDS, QoS, voice survivability. A single OA700 replaces at least 3 equipments (access router, FW/VPN, IDS) meaning that:CAPEX costs are divided by 3Configuring 3 devices creates geometric complexity (complexity multiplies with several devices) for configuration where in one intelligent device, the configuration complexity is arithmetic (features precedence and co-existence is pre-configured automatically). Configurations costs are divided by 3Maintenance costs are also divided by 3 because less complex configurations require less troubleshooting timeOne equipment consumes 3 times less energy than 3 equipmentsROI – FirewallThe Brick Firewall/VPN has a very unique centralized architecture where everything is configured centrally and then pushed automatically to all the firewall devices. The Brick uses a « zone concept » where you configure several zones and you configure communication security policies between the zones. There is no network interface to configure, there is no LAN or WAN ports to configure.Consequently, the Brick firewall is shipped to every enterprise location with a USB key. To get the Brick active and well configured on the network, we just need to power it, connect it on the network and connect the USB key to it. On-site staff doesn’t need to be IT-skilled.Any other firewall on the market require an IT security expert to connect its laptop on the firewall to make at least the first configuration (interfaces configuration mainly).Brick set-up time is at least reduced by half compared to competitionROI – WLANCentralized vs distributed architecture – « thin » vs « fat » access pointsIn a centralized architecture (thin AP), all the AP configurations (including RF environment, basic IP config, security …) is done at the WLAN controller level, pushed automatically to all AP. The WLAN controller always controls and maintain the WLAN network. In case an AP goes down, one just need to take a new AP from factory and plug it on the Ethernet access switch port, instead of the dead AP. Then the new AP downloads automatically its firmware and its configuration from the WLAN switch, without any human intervention. Meaning that the person that replaces the AP doesn’t need to have any IT skills.In case of a distributed architecture, you have no central configuration and firmware repository. Everything is stored at the AP level. Should one AP fail, you need to plug a new AP. Then you need to connect your laptop to the AP, find the latest firmware (preferably same version than the other Aps), upload it to the AP, reconfigure manually etc etc. You need skilled IT staff on site.If we consider, product maintenance represents 50% of the product TCO (70% * 70%), this maintenance cost doesn’t exist anymore with centralized WLAN architectures.Remote Access using Remote AP licence (home worker solution)The idea is to re-use an existing WLAN centralized infrastructure and extend it to home workers by providing them an Access Point at home. Not only it provides great productivity benefits (see specific Remote AP content for details), but it also gives a substantial ROI to an IT department using a single infrastructure for campus (W)LAN and remote access instead of 2. The infrastructure that gets removed is the specific Ipsec remote access VPN.CAPEX costs might not be too much reduced as additional AP and WLAN sitch capacity needs to be purchased. But OPEX is definitely divided by 2, meaning a 35% TCO saving.Ethernet ist heute nicht nur in Büro-Umbegungen zu finden. Es dringt auch in verschiedenste andere Bereiche vor. Damit steigen auch die Anforderungen an die Flexibilität wie Bauform, Abmessungen und Umgebungsbedingungen sind kritische Faktoren.

14 Sicherheit – Die lebar ist Regeln bestimmen unser Leben… vertrauliche Daten müssen mit größter Sorgfalt geschützt werden. Mitarbeiter oder Endgeräte erhalten nur die Berechtigungen, die sie erhalten dürfen z.B. über Radius oder über Gastportale, egal ob im LAN, im WLAN oder unterwegs … zusätzlich schützen die Alcatel-Lucent Systeme mit Traffic Anomalie Detection und Host Integrity Check automatisch das Netz vor Angriffen …WiredOmniSwitchRADIUS8950GuestPhoneEmployeePrinterAccessVLANProfileGuestCaptive PortalIP TouchIEEE 802.1XEmployee802.1X SSOPrinterMAC AddressWirelessOmniAccess WirelessRADIUS8950GuestPhoneEmployeeVoice/DataAccessVLANProfileThe OmniSwitch 6850 and 9000 support Pre-Admission control through Access Guardian:-A single port can sense the type of authentication for one or more clients simultaneously-It is based on standard clients and servers, there is NO NEED to buy Alcatel-Lucent clients or appliances like I.e. with HP and Juniper-A client can AUTHENTICATE against any database supporting RADIUS-A client can authenticate based on--IEEE 802.1X--MAC address--Web Portal* (END 2008)--no credentials-A client can be authorized by an attribute returned to the authenticating switch:--VLAN identifier--Profile* including VLAN, bandwidth and ACL (END 2008)-A client can be checked on anomaly behaviour--Traffic Anomaly Detection detects statistic misbehavior and is able to close a port, or ask Quarantine Manager to take action-A client can be quarantined--On misbehavior detected by OmniSwitch or other equipment, Quarantine Manager can quarantine a client, while sending a message to operations, while in future a message can be pushed to the client to show what happened.The same database can be used for Microsoft Active Directory, OmniSwitch, OmniStack, OmniAccess WLAN, OmniTouch Unified Communications and IP Touch.The OmniAccess WLAN Family support Pre-Admission control through Access Guardian:-A single access point can sense the type of authentication for one or more clients simultaneously-It is based on standard clients and servers, there is NO NEED to buy Alcatel-Lucent clients or appliances--mac address--Web Portal--PSK--WLAN identifier--VLAN allocation--Profile including WLAN, bandwidth and Firewall rules--IDS/IPS Detects misbehaviour and is able to disable a client, or ask Quarantine Manager to take action-A rogue AP can be disconnected--Upon a rogue AP detected the wireless switch, Quarantine manager can quarantine an AP, while sending a message to operationsAnother topic is the DECT alike features for Wi-Fi telephony. Handover, roaming, dynamic firewall, battery saving, etc.GuestCaptive PortalIP TouchWPA-2Employee802.1X SSONokia ICCIEEE 802.1X